
CentOS_7.2 server preliminary setup

Date: 2016-06-08 19:11:21


1. Disable SELinux:
# Disable permanently (takes effect after a reboot):

sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/sysconfig/selinux
sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config

# Disable temporarily (no reboot required):

setenforce 0 

2. Change the system language:

cp /etc/locale.conf /etc/locale.conf.bak
vim /etc/locale.conf
LANG="zh_CN.UTF-8" # Chinese
#LANG="en_US.UTF-8" # English

3. Apply system updates:

yum update -y

4. Install common tools:

yum install vim wget lvm2 lsb net-tools openssh-clients vim-enhanced

5. Install the LNMP dependency packages:

yum install vim vim-enhanced wget zip unzip telnet ntsysv compat* apr* nasm* gcc gcc* gcc-c++ ntp make imake cmake automake autoconf python-devel zlib zlib-devel glibc glibc-devel glib2 libxml glib2-devel libxml2 libxml2-devel bzip2 bzip2-devel libXpm libXpm-devel libidn libidn-devel libtool libtool-ltdl-devel* libmcrypt libmcrypt-devel libevent-devel libmcrypt* libicu-devel libxslt-devel postgresql-devel curl curl-devel perl perl-Net-SSLeay pcre pcre-devel ncurses ncurses-devel openssl openssl-devel openldap openldap-devel openldap-clients openldap-servers krb5 krb5-devel e2fsprogs e2fsprogs-devel libjpeg libpng libjpeg-devel libjpeg-6b libjpeg-devel-6b libpng-devel libtiff-devel freetype freetype-devel fontconfig-devel gd gd-devel kernel screen sysstat flex bison nss_ldap pam-devel compat-libstdc++-33

6. Disable the firewalld firewall:

systemctl stop firewalld.service
systemctl disable firewalld.service

7. Enable the iptables firewall:

yum install iptables-services
service iptables start

8. Install and configure the initial iptables policy:

iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
service iptables save
service iptables restart
cat /etc/sysconfig/iptables
service iptables status
iptables -nL

9. Disable remote root login:

vim /etc/ssh/sshd_config

# Add:


# Restart the ssh service:

service sshd restart

10. Change the remote login port:

vim /etc/ssh/sshd_config

# Add:

Port 10022

# Restart the ssh service:

service sshd restart
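
The policy from step 8 accepts new TCP connections only on port 22, so once sshd is moved to 10022 a restart leaves new SSH connections dropped until a matching rule exists. The script below is an added example, not part of the original article: it compares the Port directives in sshd_config with saved rules in iptables-save format. The function names and the sample data are constructed for illustration, and it assumes single-port --dport rules.

```shell
#!/bin/sh
# Added example (not from the original article): check that every port sshd
# is configured to use is opened by the saved iptables rules.

# Print the port(s) from sshd_config text on stdin. Keywords are
# case-insensitive; with no Port directive sshd listens on 22.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }'
}

# Succeed if the rules on stdin (iptables-save format) contain an INPUT rule
# that ACCEPTs TCP traffic to exactly port $1.
# Assumption: single-port --dport rules only (no ranges, no multiport).
port_allowed() {
    awk -v port="$1" '
        $1 == "-A" && $2 == "INPUT" && / -p tcp / && / -j ACCEPT/ {
            for (i = 3; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) ok = 1
        }
        END { exit !ok }'
}

# Print every sshd port in config file $1 that rules file $2 does not open.
missing_ports() {
    for p in $(sshd_ports < "$1"); do
        port_allowed "$p" < "$2" || echo "$p"
    done
}

# Constructed sample data: the Port setting from step 10 and the INPUT rules
# from step 8 in the form iptables-save writes them.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '#Port 22' 'Port 10022' > "$demo_dir/sshd_config"
printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
    '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
    '-A INPUT -p icmp -j ACCEPT' '-A INPUT -i lo -j ACCEPT' \
    '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
    'COMMIT' > "$demo_dir/iptables"

blocked=$(missing_ports "$demo_dir/sshd_config" "$demo_dir/iptables")
[ -z "$blocked" ] || echo "no ACCEPT rule for sshd port: $blocked"
```

On a real host the same check is `missing_ports /etc/ssh/sshd_config /etc/sysconfig/iptables`, run after `service iptables save` and before restarting sshd.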

11. Set the automatic logout timeout for accounts:

vim /etc/profile

# Add:

TMOUT=600

12. Set the command history:

vim /etc/profile

# Change:

HISTSIZE=10

13. Configure environment variables (purely personal preference):

vim /etc/bashrc

# Add:

alias ll='ls -l --time-style="+%Y-%m-%d %H:%M:%S"' # time format shown by the ll command
alias date='date "+%Y-%m-%d %H:%M:%S.%A"' # display format for date and time
PS1="\[\e[37;40m\][\[\e[33;40m\]\u\[\e[37;40m\]@\[\e[32;40m\]\h \[\e[37;40m\]:\[\e[35;40m\]\w\[\e[37;40m\]]\\$ " # colored shell prompt

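14. Schedule patch updates:

# -y is needed here: these run unattended, with nobody to answer yum's confirmation prompt
echo "yum update -y" >> /etc/rc.local
echo "30 3 * * 1    yum update -y" >> /var/spool/cron/root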

15. Enable public key authentication:

vim /etc/ssh/sshd_config

# Add:

# Enable RSA authentication (default: yes)
RSAAuthentication yes
# Enable public key authentication (default: yes)
PubkeyAuthentication yes

mkdir -p ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t rsa -P ""
scp ~/.ssh/id_rsa.pub root@TARGET_IP:~/.ssh/authorized_keys

# On the target server:

chmod 600 ~/.ssh/authorized_keys

# Verify:

ssh -l root TARGET_IP

 


Original article: http://www.cnblogs.com/yange/p/5570784.html
